In the absence of a privacy mechanism, sensitive data (e.g., passwords, account numbers, proprietary information, etc.) transmitted over a network may be susceptible to interception by unauthorized parties. One privacy mechanism commonly used to protect network data is the Virtual Private Network (VPN). Using specialized tunneling protocols and optionally secure encryption techniques, data integrity and privacy may be maintained in a VPN in what seems like a dedicated point-to-point connection.
Network-based VPNs typically are implemented through a tunneling mechanism. In general, the tunneling mechanism encapsulates the packet headers and/or payload prior to transmission of the packet over an established VPN tunnel. As a result, the transmission of a VPN-based packet only uses non-tunneling information, such as the Internet Protocol (IP) addresses of the ends of the tunnels, while the sensitive information, such as the source and destination IP addresses and sensitive payload data, remains encapsulated. Exemplary tunneling mechanisms include IP/IP tunneling, Generic Router Encapsulation (GRE) tunneling, IP Security (IPSec) tunneling and Multi-Protocol Label Switching (MPLS) tunneling. The configuration of VPN tunnel typically is specific to the particular type of VPN used.
A typical Network IP-based VPN generally includes at least two provider edge (PE) devices (e.g., a VPN-enabled router) interconnected via a series of provider devices (e.g., routers) that form a network backbone, where the network backbone typically includes one or more public networks, such as, for example, the Internet or a wide area network (WAN). Connected to each PE device are one or more customer edge (CE) devices, such as a workstation or personal computer. In this type of network-based VPN, VPN tunnels are established between PE devices, rather than between CE devices. These tunnels, herein referred to as PE-PE tunnels, typically are established at either Layer-2 or Layer-3 of the International Standard Organization's Open System Interconnect (ISO/OSI) network model. Exemplary VPN mechanisms at Layer-2 include Virtual Private LAN Service (VPLS) (see Waldemar Augustyn et al., “Requirements for Virtual Private LAN Services (VPLS),” October 2002, available at <http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-vpls-requirements-01.txt>, the entirety of which is hereby incorporated herein by reference) and Virtual Private Wire (VPW) (see Eric Rosen et al., “L2VPN Framework,” February 2003, available at <http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-12-framework-03. txt>, the entirety of which is hereby incorporated herein by reference). Exemplary VPN mechanisms at Layer-3 include Virtual Routing (VR)-based mechanisms, such as VR using Border Gateway Protocol (BGP) (see Hamid Ould-Brahim et al. “Network based IP VPN Architecture using Virtual Routers,” July 2002, available at <http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-vpn-vr-03. txt>, the entirety of which is hereby incorporated herein by reference) or VPNs based on RFC 2547bis (often referred to as BGP/MLPS-based VPNs)(see Eric Rosen et al., “BGP/MPLS VPNs” available at <http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-rfc2547bis-03.txt>, October 2002, the entirety of which is hereby incorporated herein by reference).
Regardless of the VPN mechanism used, a primary step in establishing a network-based VPN is to provide information about each VPN configured on a local PE device to the remaining remote PE devices. A number of mechanisms may be implemented to achieve this distribution of PE information, such as BGP, Domain Name Service (DNS), Remote Authentication Dial In User Service (RADIUS), and the like. Such mechanisms are well known in the art. After distributing this PE information, one or more PE-PE tunnels typically are established based in part on information received through a VPN auto-discovery mechanism.
Various tunnel signalling protocols may be used to establish and maintain VPN tunnels, such as, for example, Resource Reservation Protocol (RSVP), Resource Reservation Protocol—Traffic Engineered (RSVP-TE), Label Distribution Protocol (LDP), Constraint-based Routing LDP (CR-LDP), Asynchronous Transfer Mode (ATM), Frame Relay, Generic Routing Encapsulation (GRE), IPSec, and the like.
Various parameters for VPN tunnels in conventional Layer-2 and Layer-3 VPNs typically are configured manually by the service provider. As a result, the scalability of such conventional VPN implementations is limited due to the difficulty in manually configuring a complex and dynamic VPN system having a large number of PE devices and/or constantly changing system requirements, such as a continuous changing number of tunnels/VPNs, constant, continuous changes in resources such as bandwidth, delay and/or Quality of Service (QoS) requirements, and the like. Further, these conventional VPN implementations generally lack a defined mechanism to relate VPN tunnels to a per VPN or per set of VPNs resources such as QoS profiles or other tunnel-specific parameters. As a result, the flexibility of such conventional VPN systems is compromised because the VPN is unable to predictably respond to changes in bandwidth requirements, QoS requirements, and the like.
In view of the foregoing, it would be desirable to provide a technique for facilitating the configuration of VPN tunnels based at least in part on supplied parameters in an auto-discovery manner. More particularly, it would be desirable to implement resource profiles such as Quality of Service (QoS) parameters using a VPN auto-discovery as an extension to existing auto-discovery mechanisms in an efficient and cost effective manner.